THE MAILING DATE OF THIS COMMUNICATION.

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed
earned patent term adjustment. See 37 CFR 1.704(b).

Status 

1) [X] Responsive to communication(s) filed on 11 June 2001.
2a) [ ] This action is FINAL. 2b) [X] This action is non-final.

3) [ ] Since this application is in condition for allowance except for formal matters, prosecution as to the merits is
closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.

4) [X] Claim(s) 1-39 is/are pending in the application.
6) [X] Claim(s) 1-39 is/are rejected.
8) [ ] Claim(s) are subject to restriction and/or election requirement.

Application Papers 

9) [ ] The specification is objected to by the Examiner.
Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a).

Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d).

Attachment(s)

1) [X] Notice of References Cited (PTO-892)
2) [ ] Notice of Draftsperson's Patent Drawing Review (PTO-948)
3) [X] Information Disclosure Statement(s) (PTO-1449 or PTO/SB/08), Paper No(s)/Mail Date 09/878.536
4) [ ] Interview Summary (PTO-413), Paper No(s)/Mail Date:
5) [ ] Notice of Informal Patent Application (PTO-152)
6) [ ] Other:



U.S. Patent and Trademark Office 
PTOL-326 (Rev. 1-04) 



Office Action Summary 



Part of Paper No./Mail Date 1 



Application/Control Number: 09/878,536

Art Unit: 2135 

DETAILED ACTION 

Claims 1-39 have been examined and are pending. 

Claim Rejections - 35 USC §112 
The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

Claims 7, 24, 30-33, and 36-37 are rejected under 35 U.S.C. 112, second paragraph,
as being indefinite for failing to particularly point out and distinctly claim the subject
matter which applicant regards as the invention.

1. Claims 7 and 24 recite the limitation "said access decisions" in line 1. There
is insufficient antecedent basis for these limitations in the claims. The
examiner assumes the applicant meant to state "said contributory decisions."

2. Claim 30 recites the limitation "said step of communicating" in line 1. There is
insufficient antecedent basis for this limitation in the claim.

3. Claim 36 recites the limitation "the type of access" in lines 1-2. There is 
insufficient antecedent basis for this limitation in the claim. 

4. Any claims not specifically addressed are rejected by virtue of dependency. 
Appropriate action is required. 

Claim Rejections - 35 USC § 102 
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless -
(e) the invention was described in (1) an application for patent, published under section 122(b), by
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351 (a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

Claims 1-2, 5-13, 15, 17-19, 22, 30, 32, and 34-39 are rejected under 35 
U.S.C. 102(e) as being anticipated by Wiederhold (U.S. 6,226,745). 

1. Claims 1 and 18: Wiederhold discloses a security system of claim 1 and 
method as in claim 18 for allowing a client to access a protected resource, 
comprising: 

• Receiving at an application interface mechanism an access request 
from a client application to access a protected resource and 
communicating said access request to a security service (col 4, lines 
56-58). 

• Making a decision at said security service to permit or deny said 
access request (col 5, lines 1-10). 

• Communicating via a resource interface permitted access requests to 
said protected resource (col 4, lines 49-55). 

An application interface mechanism for receiving requests from a client 
application must inherently exist or the mediator disclosed by Wiederhold 
would not be able to receive/intercept queries related to a protected resource. 
The security service disclosed by Wiederhold consists of what he calls a
"security mediator" and/or a "security officer."

2. Claims 2 and 19: Wiederhold discloses a security system and method of
claims 1 and 18 respectively wherein said application interface mechanism 
includes an application container for reading an application deployment 
description and registering said deployment description within the security 
service (col 3, lines 37-46). 

An application container is an environment in which an application runs. 
This can include hardware or software. It is inherent that if an application 
exists, an application container must also exist. 

3. Claims 5 and 22: Wiederhold discloses a security system and method of 
claim 1 and claim 18 respectively wherein said security system and said 
method further comprises: 

• Defining an access policy via a plurality of access decision 
mechanisms within said security service (col 3, lines 37-45; fig 3, item 
100; and fig 4, item 200). 

• Determining at each access decision mechanism a contributory
decision to permit, deny, or abstain from said access request (col 5, 1st
paragraph).

The examiner has interpreted "access decision mechanisms" as broadly 
as reasonable to include any rule, procedure, device, data structure, or 
function that is used by the security service to define an access policy. 

4. Claims 6 and 23: Wiederhold discloses a security system of claim 5 further
including an access controller for and a method of claim 22 further comprising
transferring via said access controller said access request to said plurality of
access decision mechanisms, and combining contributory decisions into an
overall decision by the security service to permit or deny said access request
(col 3, lines 37-64).

5. Claims 7 and 24: Wiederhold discloses a security system of claim 5 and a
method of claim 22 wherein said contributory access decisions represent a
business function related access policy (col 3, lines 37-64 and col 5, lines
11-16).

The examiner has interpreted "business function related access policy" to 
mean any sort of access policy as any access policy can affect the way a 
business operates. Therefore, the examiner has interpreted claims 7 and 24 
to mean that contributory access decisions are made based on access 
policies or rules. 

6. Claims 8 and 25: Wiederhold discloses a security system of claim 5 and 
method of claim 22 wherein access decisions may be added to the security 
service to reflect changes in the access policy (col 5, lines 34-41). 

7. Claims 9 and 26: Wiederhold discloses a security system of claim 5 and 
method of claim 22 wherein said access decision mechanisms are used to 
define an entitlement for said client to access said protected resource (col 4, 
last paragraph). 

8. Claims 10 and 27: Wiederhold discloses a security system of claim 5 and a
method of claim 22 wherein a deny or abstain by any one of said access
decision mechanisms cause the security service to deny the access request
(col 5, 1st paragraph).

9. Claims 11 and 28: Wiederhold discloses a security system of claim 5 and a
method of claim 22 wherein an abstain by any one of said decision
mechanisms does not cause the security service to deny the access request
(col 5, 1st paragraph).

10. Claims 12 and 29: Wiederhold discloses a security system of claim 5 wherein
said security service further includes an audit mechanism for and a method of
claim 22 wherein said auditing via said audit mechanism the determinations
of said plurality of access requests (col 5, last paragraph and col 6, lines 1-2).

11. Claims 13 and 30: Wiederhold discloses a security system of claim 1 and a
method of claim 18 wherein communicating via a resource interface includes
passing requests via an interface mechanism to or from a protected resource
(col 5, lines 28-31 and col 5, lines 56-61).

12. Claims 15 and 32: Wiederhold discloses a security system of claim 13 and 
method of claim 30 wherein said interface mechanism includes a security 
provider interface (col 4, last paragraph). 

The examiner has interpreted a "security provider interface" as any
mechanism which allows a user or application to access the resource in
secure manner. In the case of Wiederhold's invention, the security service
itself is the security provider interface as it filters the results of an access
query to disclose only the parts of a secure resource that a user or application
has proper entitlement to have.

13. Claims 17 and 34: Wiederhold discloses a security system of claim 1 wherein 
said security service further includes and a method of claim 18 further 
comprising making a decision on whether to permit or deny a response to 
said access request from said protected resource to said client (col 4, last 
paragraph). 

14. Claim 35: Wiederhold discloses a method for determining a user entitlement 
to access protected resources in a secure environment, comprising: 

• Receiving an access request from a user application to access a
protected resource (fig 2 and col 4, last paragraph).

• Invoking a security service with said access request (fig 2 and col 3,
lines 22-26).

• Determining a user entitlement to access said protected resource (col
3, lines 37-45).

• Making a decision at said security service based on said user
entitlement to permit or deny said access request (col 5, 1st
paragraph).

• The steps of either:

a) Communicating a permitted access request to said protected
resource (col 5, 1st paragraph), or
b) Denying a denied access request to said protected resource
(col 5, 1st paragraph).

15. Claim 36: Wiederhold discloses a method of claim 35 wherein said 
entitlement determines a type of access available to the user of said 
protected resource (col 6, lines 11-21). 

16. Claim 37: Wiederhold discloses a method of claim 36 wherein said type of 
access includes any of view, modify, delete, or copy, any part or all of said 
protected resource (col 6, lines 19-32). 

View, modify, delete, or copy, any part or all of a resource are the types of 
functions normally performed on a resource when performing database 
queries. 

17. Claim 38: Wiederhold discloses a method of claim 55 wherein information
about said user entitlement can be communicated from a first security realm
to a second security realm (col 5, 1st paragraph).

The examiner has interpreted a security realm as any individual portion of
the overall system. In this case, the security mediator, security officer,
protected resource, and client are all separate security realms.

18. Claim 39: Wiederhold discloses a method of claim 38 wherein additional
information from a first security realm can be used to modify the user
entitlement, prior to communicating information about said user entitlement
from said first security realm to said second security realm (col 5, 1st
paragraph).

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claims 3, 4, 14, 16, 20, 21, 31, and 33 are rejected under 35 U.S.C. 103(a) as
being unpatentable over Wiederhold (U.S. 6,226,745) and in view of java.sun.com,
and/or javaworld.com.

1. Claims 3 and 20: Wiederhold does not teach a security system and method
of claims 2 and 19 respectively wherein said application container is an
Enterprise Java Bean container. However, javaworld.com discloses that one
of the advantages of using an Enterprise Java Bean as a container is that an
application would have almost transparent scalability (EJB advantages, item
3). As Wiederhold discloses that his/her invention could be used in a variety
of environments from insurance companies, hospitals, and a military setting, it
would be obvious to one of ordinary skill in the art at the time of the
applicant's invention to use an Enterprise Java Bean container as this would
allow the invention of Wiederhold to be scaled appropriately and easily for
whatever type of environment it needs to operate.

2. Claims 4 and 21: Wiederhold does not disclose a security system of claim 2
and a method of claim 21 wherein said application container is a WebApp
container. The examiner has interpreted WebApp to be the same thing as a
web or Internet application and a WebApp container as a container which
uses or runs on the web or Internet. Given that it would have been obvious to
one of ordinary skill in the art at the time of the applicant's invention to use
Java technology in Wiederhold's invention because of the advantages
disclosed by javaworld.com (EJB advantages), it would also have been
obvious that the application container can also be a WebApp container as
Java is platform independent and commonly used in web or Internet based
applications. Wiederhold discloses that his/her invention can be used by
groups of people not normally found close together such as a hospital staff
with an insurance company staff, it would have been obvious to use the
Internet as a medium for sharing information and data between the various
user groups. Since the Internet is used as the communication medium, it
would be obvious to use a WebApp as the application container in
Wiederhold's invention to ensure proper data privacy between the
various groups as seen in Fig. 1.

3. Claims 14 and 31: Wiederhold does not teach a security system of claim 13
and a method of claim 30 wherein said interface mechanism includes a Java
J2EE security interface. However, as pointed out already, it would have been
obvious to one of ordinary skill in the art at the time of the applicant's
invention to use Enterprise Java Bean technology with Wiederhold's
invention. Further, according to java.sun.com, Enterprise Java Beans
technology is "the server-side component architecture for the Java 2 Platform,
Enterprise Edition (J2EE) platform" (java.sun.com, 1st paragraph). Therefore,
it would have also been obvious to one of ordinary skill in the art at the time of
the applicant's invention to make the interface mechanism include a Java
J2EE security interface as using Enterprise Java Bean/J2EE technology
would make the invention more flexible in terms of scalability.

4. Claim 16 and 33: Wiederhold does not teach a security system of claim 13 
and method of claim 30 wherein said interface mechanism is included as a 
plug-in in said resource interface. However, it would have been obvious to 
one of ordinary skill in the art at the time of the applicant's invention to modify 
Wiederhold's invention so that the interface mechanism is included as a
plug-in in the resource interface as doing so would increase the scalability of the
invention. If one were to implement the invention using Java and as a web 
application, Java itself is a plug-in for various web browsers, therefore any 
interface mechanism employed using Java would have to be a plug-in by 
nature. 

Conclusion 

The following prior art made of record and not relied upon is considered pertinent to
the applicant's disclosure: 

• Shanton (U.S. 5,369,702): Discloses securing data via an object oriented
approach using containers and encryption.

• Rivera et al (U.S. 2002/010713): Discloses a system for remotely viewing
documents and positive results using J2EE technology.

• Reid et al (U.S. 6,182,226): Discloses a firewall being used to separate a 
network into different regions and to limit resource access between the 
different regions. 

• Okamoto (published 1992): Discloses the concept of an integrated 
security system. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Ponnoreay Pich whose telephone number is 571-272- 
7962. The examiner can normally be reached on 8:00am-4:30pm Mon-Fri. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Vu can be reached on 571-272-3859. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free).